cbcvebase.
CVE-2007-4816
published 2007-09-11

CVE-2007-4816: Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage…

PriorityP264high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
9.08%
94.7th percentile
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.

Affected

3 ranges
VendorProductVersion rangeFixed in
baofengstorm<= 2.8
baofengstorm
baofengstorm

Detection & IOCsextracted from sources · hover to see the quote

filenameMps.dll
  • Monitor ActiveX instantiation of the BaoFeng2 storm control (Mps.dll) in browser processes; alert on unusually long property values set for URL, backImage, or titleImage properties.
  • Detect calls to the advancedOpen method of the Mps.dll ActiveX control with an abnormally long first argument, which is an exploitation vector.
  • Detect calls to isDVDPath or rawParse methods of the Mps.dll ActiveX control with long arguments as exploitation indicators.
  • Inspect .smpl playlist files for an item element containing an abnormally long path attribute, which is used as an exploitation vector against the BaoFeng2 ActiveX control.

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.